<?php
session_start();
include("load-settings.php");

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = mysql_real_escape_string($_SESSION['user']);
$result = mysql_query("SELECT * FROM user WHERE id = $user");
$row = mysql_fetch_array($result);

if($row['type'] != 2)
	header("Location: home.php");

$username = mysql_real_escape_string($_POST['username']);
$paypal = mysql_real_escape_string($_POST['paypal']);
$password = mysql_real_escape_string($_POST['password']);

$new_hash = crypt($password);
$result = mysql_query("SELECT * FROM user WHERE paypal = '$paypal'");

if(mysql_num_rows($result) != 0)
	header("Location: edit-user.php");

mysql_query("INSERT INTO user (username, paypal, password, type) VALUES ('$username', '$paypal', '$new_hash', 3)") or die(mysql_error());

header("Location: edit-manager.php");

?>